Home > Java > HttpClient 3.1 custom cookie policy

HttpClient 3.1 custom cookie policy

In our project, during the test of my quite simple ProxyServlet implementation based on Apache HttpClient 3.1, I came across cookie rejection issue:

WARNING: Cookie rejected: “$Version=0; CICCIO=qwqedq; $Path=/; $Domain=.mydomain.it”. Illegal domain attribute “.mydomain.it”. Domain of origin: “localhost”
04-Jul-2011 10:20:18 org.apache.commons.httpclient.HttpMethodBase processCookieHeaders

Consider the test scenario:
I want to proxy a web resource such as http://dest.mydomain.it/destinationPath and I want to force my client to pass through my http://localhost:8080/MyProxyServlet  to get it.
As you can see, this is not a typical simple http proxy because MyProxyServlet actually delegates to some business rules and I also don’t want clients to know the real destination domain URL. That’s why they must call a URL like:


Running the test means:

My ProxyServlet Test (with HttpClient) –> ProxyServlet (uses HttpClient internally) –> destination URL to be proxied

The aim of ProxyServlet is to pass back to the client all the response of destinationPath call along with returning headers (and cookies).

The problem is that my test client cannot accept .mydomain.it cookie domain because of apache HttpClient cookie validation (remember: my test calls “localhost” domain!). None of the provided implementation of CookiePolicy would work because what I want to do is a complete infringement of Http RFCs!! :-O
The only way for the client to see the returning cookie from another domain is to override the specs used by Apache HttpClient 3.1:

  1. Define your own spec class:
    public class PermitAllCookiesSpec extends CookieSpecBase{public void validate(String host, int port, String path, boolean secure, final Cookie cookie) throws MalformedCookieException {….. //you can even leave this empty!


  2. register and initialize your client:
    HttpClient httpclient = new HttpClient(); CookiePolicy.registerCookieSpec(“PermitAllCookiesSpec”, PermitAllCookiesSpec.class); httpclient.getParams().setCookiePolicy(“PermitAllCookiesSpec”);

That’s it!

If you’re wondering about why I’m using apache HttpClient 3.1..well:

  1. Using JRE URLConnection is not worth with (all communities say it. google it)
  2. It’s simpler than HttpClient 4 api
  3. It’s been tested for years ;-)
  4. It contains all features I need by now.
Categorie:Java Tag:,
  1. Non c'è ancora nessun commento.
  1. No trackbacks yet.


Effettua il login con uno di questi metodi per inviare il tuo commento:

Logo WordPress.com

Stai commentando usando il tuo account WordPress.com. Chiudi sessione /  Modifica )

Google+ photo

Stai commentando usando il tuo account Google+. Chiudi sessione /  Modifica )

Foto Twitter

Stai commentando usando il tuo account Twitter. Chiudi sessione /  Modifica )

Foto di Facebook

Stai commentando usando il tuo account Facebook. Chiudi sessione /  Modifica )


Connessione a %s...

%d blogger hanno fatto clic su Mi Piace per questo: